| # |
CVE ID
|
CWE ID
|
# of Exploits
|
Vulnerability Type(s)
|
Publish Date
|
Update Date
|
Score
|
Gained Access Level
|
Access
|
Complexity
|
Authentication
|
Conf.
|
Integ.
|
Avail.
|
|
18101 |
CVE-2017-17880 |
125 |
|
|
2017-12-27 |
2019-10-02 |
6.8 |
None |
Remote |
Medium |
Not required |
Partial |
Partial |
Partial |
|
In ImageMagick 7.0.7-16 Q16 x86_64 2017-12-21, there is a stack-based buffer over-read in WriteWEBPImage in coders/webp.c, related to a WEBP_DECODER_ABI_VERSION check. |
|
18102 |
CVE-2017-17879 |
125 |
|
|
2017-12-27 |
2019-10-02 |
6.8 |
None |
Remote |
Medium |
Not required |
Partial |
Partial |
Partial |
|
In ImageMagick 7.0.7-16 Q16 x86_64 2017-12-21, there is a heap-based buffer over-read in ReadOneMNGImage in coders/png.c, related to length calculation and caused by an off-by-one error. |
|
18103 |
CVE-2017-17876 |
275 |
|
Bypass |
2017-12-27 |
2018-01-10 |
5.0 |
None |
Remote |
Low |
Not required |
Partial |
None |
None |
|
Biometric Shift Employee Management System 3.0 allows remote attackers to bypass intended file-read restrictions via a user=download request with a pathname in the path parameter. |
|
18104 |
CVE-2017-17874 |
434 |
|
|
2017-12-27 |
2018-01-11 |
6.5 |
None |
Remote |
Low |
Single system |
Partial |
Partial |
Partial |
|
Vanguard Marketplace Digital Products PHP 1.4 allows arbitrary file upload via an "Add a new product" or "Add a product preview" action, which can make a .php file accessible under a uploads/ URI. |
|
18105 |
CVE-2017-17869 |
79 |
|
XSS |
2017-12-27 |
2018-01-10 |
4.3 |
None |
Remote |
Medium |
Not required |
None |
Partial |
None |
|
The mgl-instagram-gallery plugin for WordPress has XSS via the single-gallery.php media parameter. |
|
18106 |
CVE-2017-17868 |
79 |
|
XSS |
2017-12-27 |
2018-01-09 |
4.3 |
None |
Remote |
Medium |
Not required |
None |
Partial |
None |
|
In Liferay Portal 6.1.0, the tags section has XSS via a Public Render Parameter (p_r_p) value, as demonstrated by p_r_p_564233524_tag. |
|
18107 |
CVE-2017-17866 |
119 |
|
DoS Overflow |
2017-12-27 |
2018-11-05 |
6.8 |
None |
Remote |
Medium |
Not required |
Partial |
Partial |
Partial |
|
pdf/pdf-write.c in Artifex MuPDF before 1.12.0 mishandles certain length changes when a repair operation occurs during a clean operation, which allows remote attackers to cause a denial of service (buffer overflow and application crash) or possibly have unspecified other impact via a crafted PDF document. |
|
18108 |
CVE-2017-17864 |
200 |
|
+Info |
2017-12-27 |
2018-01-12 |
2.1 |
None |
Local |
Low |
Not required |
Partial |
None |
None |
|
kernel/bpf/verifier.c in the Linux kernel through 4.14.8 mishandles states_equal comparisons between the pointer data type and the UNKNOWN_VALUE data type, which allows local users to obtain potentially sensitive address information, aka a "pointer leak." |
|
18109 |
CVE-2017-17862 |
20 |
|
DoS |
2017-12-27 |
2018-04-06 |
4.9 |
None |
Local |
Low |
Not required |
None |
None |
Complete |
|
kernel/bpf/verifier.c in the Linux kernel through 4.14.8 ignores unreachable code, even though it would still be processed by JIT compilers. This behavior, also considered an improper branch-pruning logic issue, could possibly be used by local users for denial of service. |
|
18110 |
CVE-2017-17860 |
20 |
|
|
2018-01-18 |
2018-02-06 |
5.7 |
None |
Local Network |
Medium |
Not required |
None |
None |
Complete |
|
In Samsung Gear products, Bluetooth link key is updated to the different key which is same with attacker's link key. It can be attacked without user's intention only if attacker can reveal the Bluetooth address of target device and paired user's smartphone |
|
18111 |
CVE-2017-17859 |
79 |
|
XSS Bypass +Info |
2017-12-27 |
2018-01-16 |
4.3 |
None |
Remote |
Medium |
Not required |
None |
Partial |
None |
|
Samsung Internet Browser 6.2.01.12 allows remote attackers to bypass the Same Origin Policy, and conduct UXSS attacks to obtain sensitive information, via vectors involving an IFRAME element inside XSLT data in one part of an MHTML file. Specifically, JavaScript code in another part of this MHTML file does not have a document.domain value corresponding to the domain that is hosting the MHTML file, but instead has a document.domain value corresponding to an arbitrary URL within the content of the MHTML file. |
|
18112 |
CVE-2017-17858 |
119 |
|
Exec Code Overflow |
2018-01-22 |
2018-11-27 |
6.8 |
None |
Remote |
Medium |
Not required |
Partial |
Partial |
Partial |
|
Heap-based buffer overflow in the ensure_solid_xref function in pdf/pdf-xref.c in Artifex MuPDF 1.12.0 allows a remote attacker to potentially execute arbitrary code via a crafted PDF file, because xref subsection object numbers are unrestricted. |
|
18113 |
CVE-2017-17850 |
20 |
|
|
2017-12-27 |
2018-11-25 |
5.0 |
None |
Remote |
Low |
Not required |
None |
None |
Partial |
|
An issue was discovered in Asterisk 13.18.4 and older, 14.7.4 and older, 15.1.4 and older, and 13.18-cert1 and older. A select set of SIP messages create a dialog in Asterisk. Those SIP messages must contain a contact header. For those messages, if the header was not present and the PJSIP channel driver was used, Asterisk would crash. The severity of this vulnerability is somewhat mitigated if authentication is enabled. If authentication is enabled, a user would have to first be authorized before reaching the crash point. |
|
18114 |
CVE-2017-17848 |
347 |
|
|
2017-12-27 |
2019-05-16 |
5.0 |
None |
Remote |
Low |
Not required |
None |
Partial |
None |
|
An issue was discovered in Enigmail before 1.9.9. In a variant of CVE-2017-17847, signature spoofing is possible for multipart/related messages because a signed message part can be referenced with a cid: URI but not actually displayed. In other words, the entire containing message appears to be signed, but the recipient does not see any of the signed text. |
|
18115 |
CVE-2017-17847 |
347 |
|
|
2017-12-27 |
2018-02-03 |
5.0 |
None |
Remote |
Low |
Not required |
None |
Partial |
None |
|
An issue was discovered in Enigmail before 1.9.9. Signature spoofing is possible because the UI does not properly distinguish between an attachment signature, and a signature that applies to the entire containing message, aka TBE-01-021. This is demonstrated by an e-mail message with an attachment that is a signed e-mail message in message/rfc822 format. |
|
18116 |
CVE-2017-17846 |
20 |
|
DoS |
2017-12-27 |
2018-02-03 |
5.0 |
None |
Remote |
Low |
Not required |
None |
None |
Partial |
|
An issue was discovered in Enigmail before 1.9.9. Regular expressions are exploitable for Denial of Service, because of attempts to match arbitrarily long strings, aka TBE-01-003. |
|
18117 |
CVE-2017-17844 |
319 |
|
|
2017-12-27 |
2019-10-02 |
4.3 |
None |
Remote |
Medium |
Not required |
Partial |
None |
None |
|
An issue was discovered in Enigmail before 1.9.9. A remote attacker can obtain cleartext content by sending an encrypted data block (that the attacker cannot directly decrypt) to a victim, and relying on the victim to automatically decrypt that block and then send it back to the attacker as quoted text, aka the TBE-01-005 "replay" issue. |
|
18118 |
CVE-2017-17843 |
|
|
|
2017-12-27 |
2019-10-02 |
4.3 |
None |
Remote |
Medium |
Not required |
None |
Partial |
None |
|
An issue was discovered in Enigmail before 1.9.9 that allows remote attackers to trigger use of an intended public key for encryption, because incorrect regular expressions are used for extraction of an e-mail address from a comma-separated list, as demonstrated by a modified Full Name field and a homograph attack, aka TBE-01-002. |
|
18119 |
CVE-2017-17841 |
|
|
|
2018-01-10 |
2019-10-02 |
4.3 |
None |
Remote |
Medium |
Not required |
Partial |
None |
None |
|
Palo Alto Networks PAN-OS 6.1, 7.1, and 8.0.x before 8.0.7, when an interface implements SSL decryption with RSA enabled or hosts a GlobalProtect portal or gateway, might allow remote attackers to decrypt TLS ciphertext data by leveraging a Bleichenbacher RSA padding oracle, aka a ROBOT attack. |
|
18120 |
CVE-2017-17840 |
119 |
|
Exec Code Overflow |
2017-12-27 |
2018-01-11 |
4.6 |
None |
Local |
Low |
Not required |
Partial |
Partial |
Partial |
|
An issue was discovered in Open-iSCSI through 2.0.875. A local attacker can cause the iscsiuio server to abort or potentially execute code by sending messages with incorrect lengths, which (due to lack of checking) can lead to buffer overflows, and result in aborts (with overflow checking enabled) or code execution. The process_iscsid_broadcast function in iscsiuio/src/unix/iscsid_ipc.c does not validate the payload length before a write operation. |
|
18121 |
CVE-2017-17837 |
79 |
|
XSS |
2018-01-04 |
2018-01-19 |
4.3 |
None |
Remote |
Medium |
Not required |
None |
Partial |
None |
|
The Apache DeltaSpike-JSF 1.8.0 module has a XSS injection leak in the windowId handling. The default size of the windowId get's cut off after 10 characters (by default), so the impact might be limited. A fix got applied and released in Apache deltaspike-1.8.1. |
|
18122 |
CVE-2017-17836 |
255 |
|
XSS |
2019-01-23 |
2019-04-19 |
5.0 |
None |
Remote |
Low |
Not required |
Partial |
None |
None |
|
In Apache Airflow 1.8.2 and earlier, an experimental Airflow feature displayed authenticated cookies, as well as passwords to databases used by Airflow. An attacker who has limited access to airflow, whether it be via XSS or by leaving a machine unlocked can exfiltrate all credentials from the system. |
|
18123 |
CVE-2017-17832 |
79 |
|
XSS |
2017-12-27 |
2018-01-17 |
3.5 |
None |
Remote |
Medium |
Single system |
None |
Partial |
None |
|
ServersCheck Monitoring Software before 14.2.3 is prone to a cross-site scripting vulnerability as user supplied-data is not validated/sanitized when passed in the settings_SMS_ALERT_TYPE parameter, and JavaScript can be executed on settings-save.html (the Settings - SMS Alerts page). |
|
18124 |
CVE-2017-17831 |
20 |
|
Exec Code |
2017-12-21 |
2019-08-01 |
6.8 |
None |
Remote |
Medium |
Not required |
Partial |
Partial |
Partial |
|
GitHub Git LFS before 2.1.1 allows remote attackers to execute arbitrary commands via an ssh URL with an initial dash character in the hostname, located on a "url =" line in a .lfsconfig file within a repository. |
|
18125 |
CVE-2017-17830 |
352 |
|
CSRF |
2017-12-21 |
2018-01-03 |
6.0 |
None |
Remote |
Medium |
Single system |
Partial |
Partial |
Partial |
|
Bus Booking Script has CSRF via admin/new_master.php. |
|
18126 |
CVE-2017-17829 |
89 |
|
Sql |
2017-12-21 |
2018-01-03 |
6.5 |
None |
Remote |
Low |
Single system |
Partial |
Partial |
Partial |
|
Bus Booking Script has SQL Injection via the admin/view_seatseller.php sp_id parameter or the admin/view_member.php memid parameter. |
|
18127 |
CVE-2017-17828 |
79 |
|
XSS |
2017-12-21 |
2018-01-03 |
3.5 |
None |
Remote |
Medium |
Single system |
None |
Partial |
None |
|
Bus Booking Script has XSS via the results.php datepicker parameter or the admin/new_master.php spemail parameter. |
|
18128 |
CVE-2017-17827 |
352 |
|
CSRF |
2017-12-20 |
2018-01-03 |
6.8 |
None |
Remote |
Medium |
Not required |
Partial |
Partial |
Partial |
|
Piwigo 2.9.2 is vulnerable to Cross-Site Request Forgery via /admin.php?page=configuration§ion=main or /admin.php?page=batch_manager&mode=unit. An attacker can exploit this to coerce an admin user into performing unintended actions. |
|
18129 |
CVE-2017-17826 |
79 |
|
XSS |
2017-12-20 |
2018-01-03 |
4.3 |
None |
Remote |
Medium |
Not required |
None |
Partial |
None |
|
The Configuration component of Piwigo 2.9.2 is vulnerable to Persistent Cross Site Scripting via the gallery_title parameter in an admin.php?page=configuration§ion=main request. An attacker can exploit this to hijack a client's browser along with the data stored in it. |
|
18130 |
CVE-2017-17825 |
79 |
|
XSS |
2017-12-20 |
2018-01-03 |
3.5 |
None |
Remote |
Medium |
Single system |
None |
Partial |
None |
|
The Batch Manager component of Piwigo 2.9.2 is vulnerable to Persistent Cross Site Scripting via tags-* array parameters in an admin.php?page=batch_manager&mode=unit request. An attacker can exploit this to hijack a client's browser along with the data stored in it. |
|
18131 |
CVE-2017-17824 |
89 |
|
Sql |
2017-12-20 |
2018-01-03 |
4.0 |
None |
Remote |
Low |
Single system |
Partial |
None |
None |
|
The Batch Manager component of Piwigo 2.9.2 is vulnerable to SQL Injection via the admin/batch_manager_unit.php element_ids parameter in unit mode. An attacker can exploit this to gain access to the data in a connected MySQL database. |
|
18132 |
CVE-2017-17823 |
89 |
|
Sql |
2017-12-20 |
2018-01-03 |
4.0 |
None |
Remote |
Low |
Single system |
Partial |
None |
None |
|
The Configuration component of Piwigo 2.9.2 is vulnerable to SQL Injection via the admin/configuration.php order_by array parameter. An attacker can exploit this to gain access to the data in a connected MySQL database. |
|
18133 |
CVE-2017-17822 |
89 |
|
Sql |
2017-12-20 |
2018-01-03 |
4.0 |
None |
Remote |
Low |
Single system |
Partial |
None |
None |
|
The List Users API of Piwigo 2.9.2 is vulnerable to SQL Injection via the /admin/user_list_backend.php sSortDir_0 parameter. An attacker can exploit this to gain access to the data in a connected MySQL database. |
|
18134 |
CVE-2017-17820 |
416 |
|
DoS |
2017-12-20 |
2018-06-29 |
5.0 |
None |
Remote |
Low |
Not required |
None |
None |
Partial |
|
In Netwide Assembler (NASM) 2.14rc0, there is a use-after-free in pp_list_one_macro in asm/preproc.c that will lead to a remote denial of service attack, related to mishandling of operand-type errors. |
|
18135 |
CVE-2017-17819 |
476 |
|
DoS |
2017-12-20 |
2018-06-29 |
5.0 |
None |
Remote |
Low |
Not required |
None |
None |
Partial |
|
In Netwide Assembler (NASM) 2.14rc0, there is an illegal address access in the function find_cc() in asm/preproc.c that will cause a remote denial of service attack, because pointers associated with skip_white_ calls are not validated. |
|
18136 |
CVE-2017-17818 |
125 |
|
DoS |
2017-12-20 |
2019-10-02 |
5.0 |
None |
Remote |
Low |
Not required |
None |
None |
Partial |
|
In Netwide Assembler (NASM) 2.14rc0, there is a heap-based buffer over-read that will cause a remote denial of service attack, related to a while loop in paste_tokens in asm/preproc.c. |
|
18137 |
CVE-2017-17817 |
416 |
|
DoS |
2017-12-20 |
2018-06-29 |
5.0 |
None |
Remote |
Low |
Not required |
None |
None |
Partial |
|
In Netwide Assembler (NASM) 2.14rc0, there is a use-after-free in pp_verror in asm/preproc.c that will cause a remote denial of service attack. |
|
18138 |
CVE-2017-17816 |
416 |
|
DoS |
2017-12-20 |
2018-06-29 |
5.0 |
None |
Remote |
Low |
Not required |
None |
None |
Partial |
|
In Netwide Assembler (NASM) 2.14rc0, there is a use-after-free in pp_getline in asm/preproc.c that will cause a remote denial of service attack. |
|
18139 |
CVE-2017-17815 |
754 |
|
DoS |
2017-12-20 |
2018-06-29 |
5.0 |
None |
Remote |
Low |
Not required |
None |
None |
Partial |
|
In Netwide Assembler (NASM) 2.14rc0, there is an illegal address access in is_mmacro() in asm/preproc.c that will cause a remote denial of service attack, because of a missing check for the relationship between minimum and maximum parameter counts. |
|
18140 |
CVE-2017-17814 |
416 |
|
DoS |
2017-12-20 |
2018-06-29 |
5.0 |
None |
Remote |
Low |
Not required |
None |
None |
Partial |
|
In Netwide Assembler (NASM) 2.14rc0, there is a use-after-free in do_directive in asm/preproc.c that will cause a remote denial of service attack. |
|
18141 |
CVE-2017-17813 |
416 |
|
DoS |
2017-12-20 |
2018-06-29 |
5.0 |
None |
Remote |
Low |
Not required |
None |
None |
Partial |
|
In Netwide Assembler (NASM) 2.14rc0, there is a use-after-free in the pp_list_one_macro function in asm/preproc.c that will cause a remote denial of service attack, related to mishandling of line-syntax errors. |
|
18142 |
CVE-2017-17812 |
125 |
|
DoS |
2017-12-20 |
2019-10-02 |
4.3 |
None |
Remote |
Medium |
Not required |
None |
None |
Partial |
|
In Netwide Assembler (NASM) 2.14rc0, there is a heap-based buffer over-read in the function detoken() in asm/preproc.c that will cause a remote denial of service attack. |
|
18143 |
CVE-2017-17811 |
119 |
|
DoS Overflow |
2017-12-20 |
2018-06-29 |
5.0 |
None |
Remote |
Low |
Not required |
None |
None |
Partial |
|
In Netwide Assembler (NASM) 2.14rc0, there is a heap-based buffer overflow that will cause a remote denial of service attack, related to a strcpy in paste_tokens in asm/preproc.c, a similar issue to CVE-2017-11111. |
|
18144 |
CVE-2017-17810 |
20 |
|
DoS |
2017-12-20 |
2018-06-29 |
5.0 |
None |
Remote |
Low |
Not required |
None |
None |
Partial |
|
In Netwide Assembler (NASM) 2.14rc0, there is a "SEGV on unknown address" that will cause a remote denial of service attack, because asm/preproc.c mishandles macro calls that have the wrong number of arguments. |
|
18145 |
CVE-2017-17809 |
426 |
|
|
2017-12-20 |
2018-01-10 |
6.8 |
None |
Remote |
Medium |
Not required |
Partial |
Partial |
Partial |
|
In Golden Frog VyprVPN before 2.15.0.5828 for macOS, the vyprvpnservice launch daemon has an unprotected XPC service that allows attackers to update the underlying OpenVPN configuration and the arguments passed to the OpenVPN binary when executed. An attacker can abuse this vulnerability by forcing the VyprVPN application to load a malicious dynamic library every time a new connection is made. |
|
18146 |
CVE-2017-17807 |
862 |
|
|
2017-12-20 |
2019-10-02 |
2.1 |
None |
Local |
Low |
Not required |
None |
Partial |
None |
|
The KEYS subsystem in the Linux kernel before 4.14.6 omitted an access-control check when adding a key to the current task's "default request-key keyring" via the request_key() system call, allowing a local user to use a sequence of crafted system calls to add keys to a keyring with only Search permission (not Write permission) to that keyring, related to construct_get_dest_keyring() in security/keys/request_key.c. |
|
18147 |
CVE-2017-17793 |
200 |
|
+Info |
2017-12-20 |
2018-01-12 |
5.0 |
None |
Remote |
Low |
Not required |
Partial |
None |
None |
|
Information Disclosure vulnerability in creer_fichier_zip in admin/maintenance.php in BlogoText through 3.7.6 allows remote attackers to defeat a filename-randomization protection mechanism, and read backup archives on Windows servers, by providing the archiv~1.zip name (aka an 8.3 filename). |
|
18148 |
CVE-2017-17792 |
79 |
|
XSS |
2017-12-20 |
2018-01-04 |
4.3 |
None |
Remote |
Medium |
Not required |
None |
Partial |
None |
|
Cross site scripting (XSS) vulnerability in the markup_clean_href function in inc/conv.php in BlogoText through 3.7.6 allows remote attackers to inject arbitrary JavaScript via a comment. |
|
18149 |
CVE-2017-17789 |
119 |
|
Overflow |
2017-12-20 |
2018-05-01 |
6.8 |
None |
Remote |
Medium |
Not required |
Partial |
Partial |
Partial |
|
In GIMP 2.8.22, there is a heap-based buffer overflow in read_channel_data in plug-ins/common/file-psp.c. |
|
18150 |
CVE-2017-17788 |
125 |
|
|
2017-12-20 |
2018-03-15 |
6.8 |
None |
Remote |
Medium |
Not required |
Partial |
Partial |
Partial |
|
In GIMP 2.8.22, there is a stack-based buffer over-read in xcf_load_stream in app/xcf/xcf.c when there is no '\0' character after the version string. |
